I would like to know how to access the digital identity to respond to that challenge, because I already have the server evaluators, the Trust Manager and the session:
let evaluators: [String: ServerTrustEvaluating] = [
    "my.domain.es": PinnedCertificatesTrustEvaluator(certificates: [certificate!],
                                                     acceptSelfSignedCertificates: false,
                                                     performDefaultValidation: false,
                                                     validateHost: true)
]
let serverTrustManager = ServerTrustManager(evaluators: evaluators)
let session = Session(serverTrustManager: serverTrustManager)
Thanks for your answer, once again.
I have already successfully installed the PKCS12 certificate into the configuration profile of the device. Safari prompts a dialog which asks for a client certificate, and offers to let me use the certificate installed on the phone; the authentication completes successfully after continuing.
I need to do something similar in code (or at least, that is my objective). Actually I am doing it by building the URLCredential with the certificate in the bundle:
let pathToCert = Bundle.main.path(forResource: "certname", ofType: "certtype")
let localCertificate: NSData = NSData(contentsOfFile: pathToCert!)!
Now, what I need to do is to use it when passing the URLCredential to the request.
let credentials = URLCredential(identity: identity, certificates: [certificate!], persistence: .forSession)
Reading the docs attached, I can see it is not possible to access the profile where the PKCS12 is stored directly from code, and load it afterwards using SecPKCS12Import (it's possible I am wrong).
If I can't do this, then will I have to ask for the certificate inside my app? Or is there another way to do this?
Thank you very much in advance. I really appreciate Apple support.
My plan is to distribute this app via the App Store, giving access to several users using their certificates.
Maybe the best option, if it's not possible to access the certificate given in the configuration profile, is to ask them for the certificate inside the app before doing the authentication.
A parenthesis: Is it possible to give the certificate access to other applications via Settings?
Thank you for your answer.
Certificates are emitted by a trusted certification authority. I actually have the .p12 certificate obtained plus its private key, which I use to authenticate successfully against a certificate entity (just doing a GET request):
let pathToCert = Bundle.main.path(forResource: "aLosada_7", ofType: "p12")
let localCertificate = NSData(contentsOfFile: pathToCert!)!
// Passphrase protecting the .p12 file
let options = [String(kSecImportExportPassphrase): "yourpassword"]
var items: CFArray? = nil
let result = SecPKCS12Import(localCertificate, options as CFDictionary, &items)
if result != errSecSuccess {
    print(result)
}
// The first imported item carries the identity (certificate plus private key)
let info = (items! as NSArray).firstObject! as! NSDictionary
let identity = info[String(kSecImportItemIdentity)] as! SecIdentity
let credentials = URLCredential(identity: identity, certificates: nil, persistence: .forSession)
This way I am doing it right, but using the certificate stored in the Bundle of my app. Now I want to do this globally for any user trying to access my application.
This is why I thought the best way to do it was obtaining the certificate from the profile (until I understood that the certificate will only be accessible by the Apple keychain group).
So I am trying to access this .p12 from somewhere else, but I am confused about how to do this.
Yes, I need help with the latter one, accessing the digital identity which will allow me to respond to that challenge. I am doing something like this, but I am not getting any result.
func retrieveData(accessGroup: String) {
    // Note: accessGroup is not used by the query below.
    let query = [kSecClass as String: kSecClassIdentity,
                 kSecReturnAttributes as String: true,
                 kSecReturnData as String: true] as [String: Any]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound {
        print("none")
    }
    if let resultDictionary = item as? [String: Any],
       let data = resultDictionary[kSecValueData as String] as? Data {
        // Nothing is done with `data` yet.
    }
}
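Added example, not part of the original thread and not Apple's sample code: it covers the in-app route raised in the posts above, where the user supplies the .p12, the app files the identity in its own keychain, reads it back with `kSecReturnRef`, and answers the client-certificate challenge. The label `example.client-identity`, the function names and the delegate class are assumptions, as is storing the identity under a single label.

```swift
import Foundation
import Security

// Hypothetical label under which this app files the identity it imported.
let identityLabel = "example.client-identity"

// Import a user-supplied PKCS#12 blob and keep its identity in the app's own keychain.
func storeIdentity(fromPKCS12 data: Data, passphrase: String) -> OSStatus {
    var items: CFArray?
    let options = [kSecImportExportPassphrase as String: passphrase]
    let status = SecPKCS12Import(data as CFData, options as CFDictionary, &items)
    guard status == errSecSuccess else { return status }  // e.g. errSecAuthFailed on a wrong passphrase
    guard let first = (items as? [[String: Any]])?.first,
          let identity = first[kSecImportItemIdentity as String] else { return errSecItemNotFound }
    let attributes: [String: Any] = [kSecValueRef as String: identity,
                                     kSecAttrLabel as String: identityLabel]
    return SecItemAdd(attributes as CFDictionary, nil)
}

// Look the identity up again; kSecReturnRef yields a SecIdentity rather than raw data.
func loadIdentity() -> SecIdentity? {
    let query: [String: Any] = [kSecClass as String: kSecClassIdentity,
                                kSecAttrLabel as String: identityLabel,
                                kSecReturnRef as String: true,
                                kSecMatchLimit as String: kSecMatchLimitOne]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let ref = item, CFGetTypeID(ref) == SecIdentityGetTypeID() else { return nil }
    return (ref as! SecIdentity)
}

// Answer only the client-certificate challenge; everything else gets default handling.
final class ClientCertificateDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate,
              let identity = loadIdentity() else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        completionHandler(.useCredential,
                          URLCredential(identity: identity, certificates: nil, persistence: .forSession))
    }
}
```

Pass an instance of the delegate when creating the `URLSession`; server trust challenges still go through default handling or whatever pinning the session already applies.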
Hey, sorry for the late reply.
I would need help to access the digital identity to respond to that challenge. As I told you before, I installed the certificate on the mobile, but this way I probably won't be able to access it and use it to respond to that challenge.
I was wondering if there is a chance of making the challenge using the browser (Safari), and after it has been done, getting a cookie value and returning it to the program (which is all I need in the end).
Thank you for your answer, I think I understand.
In my case, what my login needs to use is a client certificate that I have previously installed on the device, so I guess maybe I can access it from the web view to perform the authentication. Is there any way I can get the response directly from my web view method code?
Thank you for your reply once again Matt.
I think the solution is pretty close.
I have the PKCS#12/p12 Digital Identity already installed on my device (as a profile).
Can I access it through getCertArrayFromKeychain()? If this is possible, what would be the code of this function, or how can I access that Digital Identity?
I am already doing it by obtaining the Digital Identity directly from the assets of my project, but I need to do this for every user that wants to use the app (it needs to be dynamic, not static), so I need to access that profile installed on the device. This is the code I actually used to do it.
let pathToCert = Bundle.main.path(forResource: "aLosada7", ofType: "p12")
let localCertificate = NSData(contentsOfFile: pathToCert!)!
// Passphrase protecting the .p12 file
let options = [String(kSecImportExportPassphrase): "yourpassword"]
var items: CFArray? = nil
let result = SecPKCS12Import(localCertificate, options as CFDictionary, &items)
if result != errSecSuccess {
    print(result)
}
// The first imported item carries the identity (certificate plus private key)
let info = (items! as NSArray).firstObject! as! NSDictionary
let identity = info[String(kSecImportItemIdentity)] as! SecIdentity
let credentials = URLCredential(identity: identity, certificates: nil, persistence: .forSession)
Thank you once again for your time. I really appreciate it so much.
I would really appreciate it if anyone could answer my question.
Thank you very much guys :)